Dear Community,

is it possible to apply automation rules on particular Security Alerts?

I have created an automation flow that disable a compromised User on Azure AD /  onPrem AD and send a mail to Helpdesk.

I want to apply this automation on these kind of events since I know 100% that the user was compromised:

User compromised in AiTM phishing attack
User compromised via a known AitM phishing kit
BEC-related authentication

Thank you
Luca

​Dear Community,is it possible to apply automation rules on particular Security Alerts?I have created an automation flow that disable a compromised User on Azure AD /  onPrem AD and send a mail to Helpdesk.I want to apply this automation on these kind of events since I know 100% that the user was compromised:User compromised in AiTM phishing attackUser compromised via a known AitM phishing kitBEC-related authenticationThank youLuca  Read More

​